Securing Cloud Data Means Recognizing Vulnerabilities (Opinion)

Cyberspace is now recognized as the “fifth domain” of warfare after land, air, sea and space.

There is momentum in government now for transitioning to cloud computing. Indeed it provides many benefits: speed, agility, convenience and cost savings.

While I share the enthusiasm about the potential of cloud computing to streamline government, one issue lingers on my mind: What if the cloud providers are generally secure, but the transport of data to and from them is vulnerable?

RELATED

It is true that the Internet was developed in the 1960s by the military to survive an attack. But how well protected are its pipes a half-century later? What about a decade or two or three from now, as technology evolves both for ourselves and those who wish to attack us?

Sure, we have layered on encryption, virtual private networks and other security to protect the data traveling through millions of miles of fiber-optic cables. However, any physical transport mechanism is constantly subject to interruption, breakage and attack.

Terrorists frequently see various modes of transportation as a target of choice. As U.S. Rep. Sheila Jackson Lee stated before the Homeland Security Subcommittee on Transportation Security and Infrastructure Protection last September, “You need not be a security expert to understand that our transportation systems are indeed the targets of attack.”

Conceptually it is not difficult to understand why transportation is targeted, since that is when we are particularly vulnerable. Insurgents in Iraq and Afghanistan incessantly attack our military using improvised explosive devices that are placed on the roads where they travel, causing about two-thirds of the American casualties in those countries.

Logically, attacking transportation makes sense: When things are in motion, it is more difficult to shelter them.

We have seen attacks such as this on Internet transport modes. Five years ago, three undersea Internet cables were cut, bringing to a crawl data traffic from Egypt to as far as India.

More recently, the Arab Spring uprisings have actually seen governments shut down the Internet. In between, cyberwarfare in Estonia, Georgia and Iran has resulted in bringing down Internet infrastructure or that of specified institutions.

Even before this occurred, former Chief Counterterrorism Adviser Richard Clarke questioned whether a “digital Pearl Harbor” awaits us in the United States as well.

It’s the principle of inertia: An object in motion stays in motion unless disturbed. Just like a car on a highway, everything zips along just fine until there’s a crash. This is similar with information on the superhighway.

In 2010, retired Vice Adm. Mike McConnell stated, “If we went to war today in a cyberwar, we would lose.”

Cyberspace is now recognized as the “fifth domain” of warfare after land, air, sea and space. It requires a similar level of protection as the other four. In fact, the Pentagon recently concluded that a cyberattack is akin to an act of war, and retaliation should be based on the actual or attempted damage caused to us.

Clearly the federal government is aware of the issues and much good work is being done to make cloud computing as secure as possible, so that we don’t put all our information eggs in one “cloud basket.” And particularly in a challenging economy, we must take advantage of every reasonable avenue to improve our effectiveness and efficiency.

As we continue to streamline our IT operations, let’s make sure we recognize our latent vulnerabilities as well as the ones staring us right in the face.

Andy Blumenthal is a division chief at the U.S. State Department. He was previously chief technology officer at the Bureau of Alcohol, Tobacco, Firearms and Explosives. A regular speaker and published author, Blumenthal blogs at User-Centric Enterprise Architecture and The Total CIO. These are his personal views and do not represent those of his agency.